© 2026 – Pkg Stats / Ryan Hefner

npm-guardian

v0.1.1

Published

Advanced Supply Chain Security for Node.js. Monorepo for guardian-core, guardian-integrity, guardian-monitor, guardian-chain, and guardian-sandbox.

Downloads

15

Readme

npm-guardian

Advanced Supply Chain Security for Node.js

npm-guardian is a comprehensive security toolkit designed to protect Node.js applications from modern supply chain attacks, including worms, credential harvesting, typosquatting, and dependency confusion. It provides multi-layered protection through behavioral analysis, integrity verification, and proactive threat detection.


Features

  • Threat Detection Engine: Scans for known malicious packages and suspicious behaviors.
  • Package Integrity: Cryptographically verifies package contents and detects tampering.
  • Behavioral Monitoring: Monitors runtime network, file, and process activity for anomalies.
  • Supply Chain Analysis: Assesses dependency tree risk and verifies package provenance.
  • Sandboxing: Safely executes install scripts and new packages in isolation.
  • CI/CD Integration: Works with GitHub Actions and other CI tools.
  • Zero-Config Default: Sensible defaults, with granular configuration for advanced users.

Installation

npm install --save-dev npm-guardian
npx guardian init # Creates configuration and baseline

Configuration

Create or edit guardian.config.js:

module.exports = {
  protection: {
    level: 'strict', // strict, moderate, permissive
    blockSuspicious: true,
    quarantineUnknown: true
  },
  monitoring: {
    networkTraffic: true,
    fileSystemAccess: true,
    credentialScanning: true,
    processMonitoring: true
  },
  allowlist: [
    '@trusted/package',
    'well-known-library'
  ],
  notifications: {
    slack: 'webhook-url',
    email: '[email protected]'
  }
};

Usage

CLI

npx guardian init
npx guardian audit
npx guardian check-dependencies

Runtime (Recommended)

// Automatic protection
require('npm-guardian/auto-protect');

// Manual protection
const guardian = require('npm-guardian');
guardian.protect({
  onThreatDetected: (threat) => {
    console.log(`Threat detected: ${threat.type}`);
    // Custom handling
  }
});

CI/CD Example (GitHub Actions)

- name: npm Guardian Security Check
  uses: npm-guardian/action@v1
  with:
    fail-on: 'medium'
    report-format: 'sarif'

How It Works

  • Pre-Install: Analyzes package reputation, dependency risk, and known vulnerabilities.
  • Install-Time: Inspects install scripts, sandboxes risky code, and monitors file access.
  • Runtime: Detects anomalous network, file, and process activity; protects credentials.
  • Continuous: Periodically verifies integrity and updates threat intelligence.

Roadmap

  • Core protection and monitoring
  • Machine learning threat detection
  • Community threat intelligence sharing
  • Integration with major security platforms
  • Enterprise features and compliance reporting

License

MIT

Contributing

Pull requests and issues are welcome!

Author

Hadj Hadji